NSA plans high-security smart card
Connecting state and local government leaders
The National Security Agency is testing a smart card with higher security than the Defense Department's current Common Access Card, which has already been issued to more than a million DOD employees.
The National Security Agency is testing a smart card with higher security than the Defense Department's current Common Access Card, which has already been issued to more than a million DOD employees.
NSA's $40 Universal Secure Access smart card'also referred to as Forte'will go to workers with high-security clearances, said Michael Butler, chief of smart-card programs at DOD. Forte meets Federal Information Processing Standard 140-2 for cryptographic modules.
'The USA card is not presently seen as a direct replacement for the Common Access Card, nor will it be fielded to all DOD employees,' Butler said.
PKI built in
SSP-Litronic Inc. of Irvine, Calif., will design the card to be used for physical and logical access as well as digital certificates with an embedded private key.
'We'll be getting our certificates from a class-four public-key infrastructure certificate authority, instead of the current class-three authority,' said Army Lt. Col. James Cassella, a press officer.
A class-four certificate adheres to more stringent validation policies, he said.
Forte is built on the Common Access card platform, said Randy Vanderhoof, executive director of the Smart Card Alliance. But its chip can store more identity verifiers and user information.
'NSA has an initiative to develop a secure communications network using encryption,' Vanderhoof said. 'It needs a platform to store its digital credentials.'
Fewer than 1,000 testers so far are using it, but NSA will deploy about 500,000 cards in the next 12 to 15 months, said Jim Prohaska, Litronic vice president of government systems.
The key-management infrastructure is being designed by General Dynamics Communication Systems of Taunton, Mass., under a $24.4 million NSA contract.
'Most cards don't have much bandwidth or processing capability,' Litronics' Prohaska said.
Forte, however, has an embedded 32-bit processor with enough power to do encryption and decryption itself without offloading them to a PC.
Multiple vendors
Although DOD card readers can accept Forte, it will not admit NSA users to a DOD facility.
'The intelligence of the card is the same,' Vanderhoof said, 'but the information and the visible identity can differ. NSA has its own process for issuing the card and maintaining a list of who has a valid card.'
'We are looking at using multiple smart-card vendors,' Cassella said, 'but we must achieve interoperability among the various smart cards.'